Security Alert

Oct. 19, 2018 – Gift Card Phishing Attempt

On Friday, Oct. 19, 2018, OIT received reports that many UA employees were receiving messages asking them to purchase gift cards. The emails appear to come from executives or vice presidents requesting $100 gift cards; however, they are actually phishing emails from malicious actors.

If you have received an email like this, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu. Remember the red flags of phishing, and always check the “from” email address on suspicious messages.

If you did receive this email and you have questions, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Oct. 12, 2015 – Student Phishing Alert

On Friday, Oct. 12, 2018, many UA students received a phishing email from the email address “fhamedwomanlon@gmail.com” with the subject line “Student Internship Opportunity”.

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

 

Cybersecurity Awareness Month Tip: Free Credit Freeze

October is Cybersecurity Awareness Month. Keep your information secure with tips from OIT.

Effective this year, individuals can now place a freeze on their credit at no cost. Your first question may be, “What is a credit freeze?” It’s easier than it sounds, and it is the best way to prevent malicious actors from using your personal information to open new accounts in your name.

When an individual freezes their credit, a credit bureau cannot provide any information about the individual to a lender until the individual elects to thaw the freeze.  Prior to federal legislation approved in September, individuals were required to pay a $10 fee each time the credit was frozen or thawed. Now, individuals can freeze and thaw their credit with no fee.

Individuals can freeze their credit with Equifax, TransUnion and Experian for free. OIT recommends placing a freeze at all three bureaus. Visit their websites directly to establish the freeze.

When a freeze is established with each bureau, the bureau will provide a PIN or secure identification code to secure the account. Individuals can then provide that PIN to the bureau when ready to thaw the credit. An individual may need to thaw the credit when making a large purchase or requesting a loan. When making a purchase that requires a credit check, simply ask the lender which credit bureau they use, and you can thaw the freeze with that bureau only. Remember to re-freeze your credit after the purchase is made.

To learn more about credit freezes, please visit the Federal Trade Commission website.

October is National Cybersecurity Awareness Month. OIT will be posting cyber safety tips throughout the month. For more information about Cybersecurity Awareness Month, visit the National Cyber Security Alliance’s website https://staysafeonline.org.

 

5 Cyber Tips to Follow at Home and at Work

October is Cybersecurity Awareness Month. Keep your information secure at home and at work with the following tips from OIT.

Create Strong Passwords

OIT recommends that all passwords be 12 or more characters, with a mixture of uppercase, lowercase, numbers and special characters. We understand it can be tricky to generate and remember complex passwords. Later this semester, OIT will be providing the LastPass password management tool for free to all students, faculty and staff. With LastPass, all passwords will be stored in a secure and encrypted environment. Moving forward, the only password you’ll have to remember is your password to LastPass. Stay tuned for more information.

Use 2FA

Most UA students, faculty and staff are familiar with DUO two-factor authentication, but did you know that other websites offer their own version of two-factor? Google, iCloud, Amazon, Facebook and even Snapchat offer two-factor verification to protect the sensitive data in these accounts. Activate two-factor for your personal accounts today.

Credit Freeze

A credit freeze is the best way to prevent malicious actors from using your personal information to open new accounts in your name. When an individual freezes their credit, the credit bureaus cannot provide any information about the individual to lenders until the individual elects to thaw the freeze.  Individuals can freeze their credit with Equifax, TransUnion and Experian for free. OIT recommends placing a freeze at all three bureaus. Visit their websites directly to establish the freeze.

Do not share sensitive data

Hackers do their homework. When malicious actors send spear phishing attacks, they often design the emails to appear to come from individuals within your contact list. If you get a suspicious email from a colleague, OIT recommends that you call that individual to verify the email. Do not respond to the email to verify its sender, and do not send any sensitive information via email.

Backup

Finally, back up your data! This applies at home and at work; accidents can happen anywhere. Keep your files safe and encrypted in a cloud storage account like UA Box. This applies to sensitive work material and your grandmother’s coconut cake recipe. Anything you want to keep safe should be stored in a secure cloud storage account. If you prefer to store files on an external hard drive or flash drive, plug the device into your computer, back up your files, and then unplug it and store it in a safe location.

October is National Cybersecurity Awareness Month. OIT will be posting cyber safety tips throughout the month. For more information about Cybersecurity Awareness Month, visit the National Cyber Security Alliance’s website https://staysafeonline.org.

Phishing Alert – October 3, 2018

On Wednesday, Oct. 3, 2018, many UA students received a phishing email from the email address pg712031@gmail.com with the subject line “Students Opportunity”.

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Phishing Alert – Sept. 24, 2018

On Monday, Sept. 24, 2018, many UA employees received a phishing email from the email address amuir@BakerRipley.org with the subject line “Outlook Upgrade”.

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Student Phishing Alert – Sept. 7, 2018

On Friday, Sept. 7, 2018, many UA students received a phishing email from the email address c.jain@csuohio.edu with the subject line “Job Opportunity”.

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

OIT to Add DUO to Additional UA Services

On Monday, Sept. 10, 2018, DUO two-factor authentication will be applied to the Concur travel and expense management system and to UA Box cloud storage. This change will only impact active DUO users. On Sept. 10, users who have active DUO accounts will begin to see the DUO prompt when logging into Concur or Box. Users who have not activated DUO will not notice any change; they will log in with their username and password. This change will not impact users who have installed Box mobile or desktop apps such as Box Sync.

DUO is designed to protect the sensitive data held within user accounts like Concur and Box. The Office of Information Technology recommends that all UA faculty and staff activate DUO. To activate your account, visit duo.ua.edu. Please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu with any questions or concerns.

DUO Outage – Aug. 20, 2018

Update 2:40pm – DUO has resolved the issue. OIT has re-enabled the DUO requirement for UA services. DUO is expected to post a root cause analysis of the issue on their status page as soon as it becomes available. https://status.duo.com/

This issue impacted all users on the DUO1 deployment; many entities were impacted, including our counterparts at other institutions. Thankfully, OIT was able to disable our DUO requirement, allowing users to gain access to UA services, such as myBama and Webmail, without DUO.

We thank you for your patience in this issue. I’d like to take this opportunity to remind you that the OIT status page is always available to provide quick answers to service status questions. https://status.oit.ua.edu/


10:28am – Users may notice that systems that normally require DUO to permit access do not have the DUO prompt. We have temporarily disabled the DUO requirement while an issue is investigated. DUO is investigating the outage – https://status.duo.com/

Additional UA status updates are provided on the OIT Status site https://status.oit.ua.edu.

Students – Beware of Phishing Scams

During the summer months, many students receive phishing emails offering fake job and internship opportunities. The Office of Information Technology encourages students to be mindful of scams that pose as job offers. Review the red flags of phishing below to recognize any malicious emails in your Crimson inbox.

“Hackers know exactly what to say to get the attention of students,” said UA Chief Information Security Officer Ashley Ewing. “They often send students emails that say things about summer jobs or internships, because they know that’s what students are wanting to see in their inboxes.”

OIT urges students to understand and recognize the warning signs of a phishing email, so that they are able to distinguish a real job offer from a phishing job offer.

  • Look at the “From” email address. Confirm that the @ address is the company that the sender says it is.
  • Hover over links to see the URL before you click.
  • Look for an official email signature.
  • If you didn’t apply for it, don’t open it.
  • Do not send sensitive data, like a social security number, over email.
  • Never provide financial information, like credit card numbers or bank account numbers, over email.
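
The first two red flags above can also be checked automatically. The following Python sketch is an added example, not OIT code: it flags a “From” address outside the domains the claimed sender really uses, and links whose visible text shows one host while the underlying URL goes to another. The sample message, the `TRUSTED_DOMAINS` set and the function names are constructed for illustration, and the code assumes a plain, non-multipart HTML message.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message, not one of the emails reported on this page.
SAMPLE = """\
From: "UA Career Center" <recruiter4821@example.net>
Subject: Job Opportunity
Content-Type: text/html; charset="utf-8"

<p>Sign in at <a href="http://login.example.org/duo">https://duo.ua.edu</a>
or see <a href="https://www.ua.edu/jobs">our listings</a>.</p>
"""

TRUSTED_DOMAINS = {"ua.edu"}  # assumption: domains the claimed sender really uses

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def red_flags(raw_message):
    """Return the red flags found in one raw, non-multipart email."""
    msg = message_from_string(raw_message)
    flags = []
    # Red flag 1: the "From" address is not at the claimed sender's domain.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not is_trusted(domain):
        flags.append("from-domain:" + domain)
    # Red flag 2: link text shows one host, the real URL goes to another.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        shown = urlparse(text).hostname if "://" in text else None
        if shown and shown != urlparse(href).hostname:
            flags.append(f"link-mismatch:{shown}->{urlparse(href).hostname}")
    return flags
```

A display name such as “UA Career Center” costs an attacker nothing to set, which is why the check looks only at the address and the link targets.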

If students suspect they are a victim of a phishing attack, they are encouraged to change their myBama password and to install DUO. For questions, please contact the IT Service Desk at 205-348-5555.